AI agent that catches DeFi exploits in the mempool before they hit the blockchain
Protocol Guardian is an autonomous AI security agent that protects DeFi protocols from exploits in real time. Unlike traditional security tools that react after an attack confirms on-chain, Protocol Guardian monitors the Ethereum mempool to detect threats BEFORE they land in a block.
The agent runs a 5-stage pipeline: (1) mempool pre-transaction monitoring via Alchemy WebSocket subscription, filtering pending txs targeting watched contracts; (2) pattern matching against 32 exploit function selectors extracted from $3.7B in historical attacks; (3) EVM trace simulation using eth_call to see exactly what a suspicious transaction would do before it confirms; (4) RAG-enriched Claude AI risk assessment, where the AI reasons about the threat with full context from 21 historical exploits including Euler ($197M), Ronin ($624M), Wormhole ($326M), and Beanstalk ($182M); (5) autonomous on-chain emergencyPause() via a Guardian smart contract holding the PAUSER_ROLE.
The system monitors 7 DeFi protocols across 12 contracts representing $45B in TVL (Aave, Uniswap, Compound, MakerDAO, Lido, Wormhole), with contracts deployed on Sepolia testnet for the demo. The entire response — from mempool detection to on-chain pause — happens before the malicious transaction is even mined.
Protocol Guardian is built in Python with six integrated modules:
Mempool Monitor: WebSocket connection to Alchemy's enhanced alchemy_pendingTransactions API, filtering pending transactions by target contract address. Supports fallback to standard newPendingTransactions subscription and HTTP polling. Sub-millisecond analysis latency (0.10 ms average).
Exploit Pattern Engine: 32 function selectors across 6 attack categories (flash loan, reentrancy, oracle manipulation, access control, price manipulation, governance), with multi-vector combo detection that identifies dangerous combinations like flash loan + reentrancy that have historically caused the largest losses.
EVM Trace Simulator: Uses eth_call and debug_traceCall to simulate suspicious transactions before confirmation. Extracts internal call traces, token transfers, ETH value flows, and state diffs, and flags DELEGATECALL and SELFDESTRUCT operations. This gives the AI layer concrete evidence of what the transaction would do, not just a pattern match.
RAG Knowledge Base: 21 structured exploit records from 2016-2026 ($3.7B total losses) indexed by attack category, function selector, and tags. When a threat is detected, relevant historical parallels are retrieved and injected into Claude's prompt so it reasons with domain expertise.
Multi-Protocol Watchlist: Registry of 7 DeFi protocols (Aave V3, Uniswap V3, Compound, MakerDAO, Lido, Wormhole) with contract addresses, critical function selectors, risk tiers, and TVL tracking. Extensible — anyone can add protocols.
Smart Contracts: MockLendingPool and ProtocolGuardian deployed on Sepolia. ProtocolGuardian holds PAUSER_ROLE and executes emergencyPause() autonomously when Claude confirms a critical threat with high confidence.
Tech stack: Python 3, FastAPI, web3.py, websockets, Claude API (Anthropic), Solidity/Hardhat, Alchemy, Supabase, Vercel.
Notably hacky: The mempool monitor scans embedded function selectors inside calldata (not just the primary selector), which catches flash loan callback payloads that contain nested exploit calls — this is how we detect multi-step attacks in a single pending transaction.
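The embedded-selector scan and combo detection described above, as an added example that is not the project's own code. The selectors `deadbeef`, `cafebabe` and `11111111`, the category names, and the length-word check used to filter coincidental matches are assumptions made for illustration; the project's 32 selectors are not listed on this page.

```python
from dataclasses import dataclass

# Constructed placeholder selectors and categories (the project's real list is not on the page).
WATCHED = {bytes.fromhex("deadbeef"): "flash_loan",
           bytes.fromhex("cafebabe"): "reentrancy"}
COMBOS = [frozenset({"flash_loan", "reentrancy"})]  # combo named in the write-up

@dataclass(frozen=True)
class Hit:
    offset: int      # byte offset of the selector inside the calldata
    category: str
    primary: bool    # True only for the transaction's own 4-byte selector

def _length_prefixed(data: bytes, pos: int) -> bool:
    """An ABI `bytes` payload is preceded by a 32-byte length word that fits
    in the remaining calldata; requiring it drops random 4-byte coincidences."""
    if pos < 36:  # the length word must lie wholly after the primary selector
        return False
    length = int.from_bytes(data[pos - 32:pos], "big")
    return 4 <= length <= len(data) - pos

def scan_calldata(calldata_hex: str) -> list[Hit]:
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    hits = [Hit(0, WATCHED[data[:4]], True)] if data[:4] in WATCHED else []
    for selector, category in WATCHED.items():
        pos = data.find(selector, 4)
        while pos != -1:
            if _length_prefixed(data, pos):
                hits.append(Hit(pos, category, False))
            pos = data.find(selector, pos + 1)
    return sorted(hits, key=lambda h: h.offset)

def matched_combos(hits: list[Hit]) -> list[frozenset]:
    categories = {h.category for h in hits}
    return [combo for combo in COMBOS if combo <= categories]

def _word(n: int) -> bytes:
    return n.to_bytes(32, "big")

# Constructed sample: watched call carrying a nested watched call in a `bytes` argument.
_inner = bytes.fromhex("cafebabe") + _word(1)
NESTED = "0x" + (bytes.fromhex("deadbeef") + _word(0x1234) + _word(10**18) + _word(0x60)
                 + _word(len(_inner)) + _inner + b"\x00" * (-len(_inner) % 32)).hex()
# Constructed decoy: the same four bytes sit inside a uint256 value, with no length word.
DECOY = "0x" + (bytes.fromhex("11111111") + _word(0x1234) + _word(0xCAFEBABE)).hex()

if __name__ == "__main__":
    for name, tx in (("nested", NESTED), ("decoy", DECOY)):
        hits = scan_calldata(tx)
        print(name, hits, matched_combos(hits))
```

The nested sample yields a primary flash_loan hit and an embedded reentrancy hit, which together trigger the combo; the decoy yields nothing because the matching bytes are not preceded by a plausible length word.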

